公开(公告)号：US10999251B2

公开(公告)日：2021-05-04

申请号：US16145682

申请日：2018-09-28

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sundaresan Rajangam ,  Miraj Subhashbhai Kheni ,  Suresh B Akula

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/859 ,  H04L29/08 ,  G06F15/16 ,  H04L12/713

Abstract: Techniques are disclosed for generating intent-based policies and applying the policies to traffic of a computer network. In one example, a policy controller for the computer network receives traffic statistics for traffic flows among a plurality of application workloads executed by a first set of computing devices. The policy controller correlates the traffic statistics into session records for the plurality of application workloads. The policy controller generates, based on the session records for the application workloads, application firewall policies for the application workloads. Each of the application firewall policies define whether traffic flows between application workloads are to be allowed or denied. The policy controller distributes the application firewall policies to a second set of one or more computing devices for application to traffic flows between instances of the application workloads.

公开(公告)号：USD878407S1

公开(公告)日：2020-03-17

申请号：US29654955

申请日：2018-06-28

Applicant: Juniper Networks, Inc.

Designer： Prasad Miriyala ,  Anish Mehta

公开(公告)号：US12267208B2

公开(公告)日：2025-04-01

申请号：US17657596

申请日：2022-03-31

Applicant: Juniper Networks, Inc.

Inventor： Mahesh Sivakumar ,  Fnu Nadeem ,  Srinivas Akkipeddi ,  Michael Henkel ,  Prasad Miriyala ,  Gurminder Singh ,  Édouard Thuleau ,  Atul S Moghe ,  Joseph Williams ,  Ignatious Johnson Christober ,  Jeffrey S. Marshall ,  Nagendra Maynattamai ,  Dale Davis

IPC: H04L41/0813 ,  G06F9/50 ,  H04L9/40 ,  H04L41/0803 ,  H04L41/0866 ,  H04L41/40 ,  H04L45/42 ,  H04L69/00

Abstract: In an example, a method includes processing, by an application programming interface (API) server implemented by a configuration node of a network controller for a software-defined networking (SDN) architecture system, requests for operations on native resources of a container orchestration system; processing, by a custom API server implemented by the configuration node, requests for operations on custom resources for SDN architecture configuration, wherein each of the custom resources for SDN architecture configuration corresponds to a type of configuration object in the SDN architecture system; detecting, by a control node of the network controller, an event on an instance of a first custom resource of the custom resources; and by the control node, in response to detecting the event on the instance of the first custom resource, obtaining configuration data for the instance of the first custom resource and configuring a corresponding instance of a configuration object in the SDN architecture.

公开(公告)号：US12261742B2

公开(公告)日：2025-03-25

申请号：US18411207

申请日：2024-01-12

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Michael Henkel ,  Iqlas M. Ottamalika

IPC: H04L41/0816 ,  H04L41/0853 ,  H04L41/0869

Abstract: An example application programming interface (API) server device that distributes configuration data to managed network devices includes one or more processing units implemented in circuitry and configured to receive configuration data to be deployed to at least one of the managed network devices; store the configuration data to a configuration database; and send the configuration data to the at least one of the managed network devices. In this manner, the configuration data can be archived for later retrieval and analysis, e.g., to perform root cause analysis in the event of an error.

公开(公告)号：US20240291753A1

公开(公告)日：2024-08-29

申请号：US18657426

申请日：2024-05-07

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Wen Lin ,  Suresh Palguna Krishnan ,  SelvaKumar Sivaraj ,  Kumuthini Ratnasingham

IPC: H04L45/00 ,  H04L12/46 ,  H04L45/586 ,  H04L45/74

CPC classification number: H04L45/34 ,  H04L12/4641 ,  H04L45/566 ,  H04L45/586 ,  H04L45/74

Abstract: A plurality of switches may be arranged according to a spine and leaf topology in which each spine switch is connected to all leaf switches. A leaf switch includes a memory configured to store a plurality of policies, each of the plurality of policies being associated with a respective source identifier value and a respective destination address; a network interface communicatively coupled to one of the spine switches; and a processor implemented in circuitry and configured to: receive a packet from the spine switch via the network interface, the packet being encapsulated with a Virtual Extensible Local Area
Network (VXLAN) header; extract a source identifier value from the VXLAN header; determine a destination address for the packet; determine a policy of the plurality of policies to apply to the packet according to the source identifier value and the destination address;
and apply the policy to the packet.

公开(公告)号：US12074884B2

公开(公告)日：2024-08-27

申请号：US17808970

申请日：2022-06-24

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Sajeesh Mathew ,  Akhilesh Pathodia ,  Tashi Garg

IPC: H04L9/40 ,  G06F9/54

CPC classification number: H04L63/105 ,  G06F9/547 ,  H04L63/20

Abstract: A network controller for a software-defined networking (SDN) architecture system may receive a request to generate an access control policy for a role in a container orchestration system, where the request specifies a plurality of functions. The network controller may execute the plurality of functions and may log execution of the plurality of functions in an audit log. The network controller may parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations performed on the respective resource. The network controller may create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.

公开(公告)号：US20240129161A1

公开(公告)日：2024-04-18

申请号：US18146799

申请日：2022-12-27

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Michael Henkel ,  Pranav Cherukupalli

IPC: H04L12/46 ,  G06F9/50

CPC classification number: H04L12/4641 ,  G06F9/5072

Abstract: In general, techniques are described for performing network segmentation for container orchestration platforms. A network controller comprising a memory and processing circuitry may be configured to perform the techniques. The memory may be configured to store a request, conforming to a container orchestration platform, to configure a new pod of a plurality of pods with a primary interface to communicate on a virtual network to segment a network formed by the plurality of pods. The processing circuitry may be configured to configure, responsive to the request, the new pod with the primary interface to enable communications via the virtual network.

公开(公告)号：US20240095158A1

公开(公告)日：2024-03-21

申请号：US18468538

申请日：2023-09-15

Applicant: Juniper Networks, Inc.

Inventor： Prasad Miriyala ,  Michael Henkel ,  Sridhar Ramachandra Katere ,  Pranav Cherukupalli ,  Atul S. Moghe ,  Ji Hwan Kim

IPC: G06F11/36

CPC classification number: G06F11/3688 ,  G06F11/3664 ,  G06F11/3696

Abstract: In general, techniques are described for performing pre-deployment checks to ensure that a computing environment is suitably configured for deploying a containerized software-defined networking (SDN) architecture system, and for performing post-deployment checks to determine the operational state of the containerized SDN architecture system after deployment to the computing environment.

公开(公告)号：US11929987B1

公开(公告)日：2024-03-12

申请号：US16800816

申请日：2020-02-25

Applicant: Juniper Networks, Inc.

Inventor： Pranavadatta D N ,  Aniket G. Daptari ,  Carlo Contavalli ,  Prasad Miriyala ,  Kiran K N ,  Prasannaa Vengatesan T S ,  Venkatesh Velpula

IPC: H04L9/40 ,  G06F9/455 ,  H04L49/25 ,  H04L61/5007 ,  H04L69/22 ,  H04L69/324 ,  H04L101/622

CPC classification number: H04L63/0272 ,  G06F9/45558 ,  H04L49/25 ,  H04L61/5007 ,  H04L69/22 ,  H04L69/324 ,  G06F2009/45595 ,  H04L2101/622

Abstract: Techniques are disclosed for a network device to preserve packet flow information across bump-in-the-wire (BITW) firewalls. For example, a method comprises receiving, by a network device, a packet. The method also comprises determining, by the network device, that the packet matches a packet flow that is associated with an action to redirect the packet to a firewall configured as a bump-in-the-wire. The method further comprises, in response to the determination: modifying, by the network device, a Media Access Control (MAC) address field of a layer 2 (L2) packet header with a flow identifier of the packet flow; sending, by the network device, the packet to the firewall; receiving, by the network device, the packet from the firewall; and recovering, by the network device, the packet flow by modifying the packet according to the flow identifier in the packet to restore the L2 packet header of the packet.

公开(公告)号：US20230269215A1

公开(公告)日：2023-08-24

申请号：US18308367

申请日：2023-04-27

Applicant: Juniper Networks, Inc.

Inventor： Sangarshan Pillareddy ,  Yuvaraja Mariappan ,  James Nicholas Davey ,  Prasad Miriyala ,  Richard Roberts ,  Margarida Correia ,  Nagendra E S ,  Haji Mohamed Ashraf Ali

IPC: H04L61/103 ,  H04L45/745 ,  G06N20/00 ,  H04L12/46 ,  H04L61/5007

CPC classification number: H04L61/103 ,  H04L45/745 ,  G06N20/00 ,  H04L12/4641 ,  H04L61/5007 ,  H04L2101/622

Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.